
Whois in a post-GDPR world - The Norwegian model Hilde Thunem - PowerPoint PPT Presentation



  1. Whois in a post-GDPR world - The Norwegian model Hilde Thunem ccNSO Tech Day 22. October 2018

  2. Norid collects and processes customer data
     ˃ To ensure that private individuals and organisations can register Norwegian domain names and maintain and transfer the registration within the parameters set by the domain name policy for .no
     ˃ To manage the Norwegian top-level domain in a way that contributes to robust operation of the internet as an infrastructure

  3. The .no data model: What data do we collect from our customers?

  4. At the core: information about the domain registration and the holder
     ˃ Domain holder can be an organisation or an individual
     ˃ The holder is identified to Norid by a unique identifier, showing who has the right to use the domain
       − Organisations: number registered in Brønnøysund Register Centre
       − Individuals: national identity number. To restrict access to the holder’s national identity number, Norid then creates a unique identifier that the holder uses in our systems and towards the registrar

  5. 2017: evaluating our data model

  6. 2018: new model, less data
     ˃ Contact person name added for holders that are organisations
     ˃ Tech-c must be role
     ˃ Clean-up ongoing
       − 550 000 person objects removed from customer database
       − May 2018: 130 000 domains with a person as tech contact. Registrars are currently updating them with roles

  7. Registration data directory services offered by Norid

  8. Why offer a publicly available look-up of domain names?
     ˃ The purpose of the registration data directory service is to contribute to resolving technical problems where individual domains threaten the functionality, security and stability of other domains or the internet as an infrastructure. The purpose is also to give the public an opportunity to contact the domain name holder.
     ˃ The service strengthens confidence in Norwegian domains:
       − easy to find point of contact when a domain causes technical problems
       − possible to find the party responsible for a registration (if organisation)
       − provides an opportunity to contact the domain holder
       − contributes to the combating of illegal content on the internet

  9. Overview of information available to the public [chart; segment labels: 63%, 27%, 10%]

  10. Using the strengths of different channels
     ˃ Norid offers two different channels to the public where they can access information about a domain registration
       − whois.norid.no (port 43)
       − Web interface
     ˃ The intended target and potential for misuse of each channel influences the form and amount of information that is presented

  11. whois.norid.no
     ˃ Intended for the international technical community
       − Contribute to resolving technical problems
       − Well-known format – automated look-ups possible
       − Each look-up gives only the information requested
     ˃ Reducing potential for misuse
       − CAPTCHA not possible and rate limits have limited effect
       − Gives no info about the domain holder

  12. Web interface
     ˃ Intended for the public
       − Provides opportunity to contact the domain holder (and to resolve technical problems)
       − A look-up gives all publicly available info regarding a domain: registration info, domain holder, registrar, tech-c and technical setup
       − Emphasizes most important info
     ˃ Reducing potential for misuse
       − CAPTCHA and rate limits

  13. Less information about individuals

  14. Domain overview
     ˃ The web interface also allows look-up of an organisation number
       − Domain names per registrar
       − DNSSEC-status
     ˃ No overview of domains registered by an individual

  15. What about layered access?
     ˃ We already have layered access (sort of)
       − Registry (part of registration «ecosystem»)
       − Registrars (part of registration «ecosystem»)
       − Public (through two separate services)
     ˃ Currently considering need for further layers
     ˃ Changing technology: Whois is dead – long live RDAP?

  16. More information
     ˃ Domain Lookup for .no
       − Web interface https://www.norid.no/en/domeneoppslag/
       − Terms and conditions https://www.norid.no/en/domeneoppslag/vilkar/
     ˃ Customer data we process https://www.norid.no/en/personvern/behandling-kundedata/
     ˃ The lookup service and privacy https://www.norid.no/en/personvern/domeneoppslag/

  17. Thank you Hilde Thunem hilde.thunem@norid.no
